[messaging] EFF Secure Messaging Scorecard

Tao Effect contact at taoeffect.com
Wed Nov 5 21:08:31 PST 2014

On Nov 5, 2014, at 9:00 PM, Joseph Bonneau <jbonneau at gmail.com> wrote:

> Cloud backups can defeat this but we decided to consider this a separate problem-any tool can be defeated if you backup the plaintext somewhere in the cloud. If you think this is a bad feature encourage users to to disable it.

OK, but since it is enabled by default (an opt-out rather than an opt-in, if my memory serves me correctly), shouldn't that checkbox be taken away from Apple, or at the very least, have some type of asterisk next to it?

As-is, people will walk away with an incorrect understanding of the security of Apple's iMessages. I assume it is not EFF's intent to mislead people.

> Apple's encryption is end-to-end.

What definition of end-to-end are you using? Apple is capable of decrypting iMessages sent between users [1], so sorry, but I don't see how that is end-to-end.


Kind regards,
Greg Slepak

Please do not email me anything that you are not comfortable also sharing with the NSA.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20141105/3d93e037/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20141105/3d93e037/attachment.sig>

More information about the Messaging mailing list